Senior Security Consultant (Hardware)
Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.
We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.
We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference and we want you to join in our mission, to make the world safer and more secure.
We are looking for security-focused engineers and researchers to join our security consulting practice. Job duties will include code review, penetration testing, security analysis, reverse engineering, and cutting-edge research into current technologies and attacks.
A Senior Security Consultant (SSC) must have the experience, technical skill, consulting finesse, and management skills required to deliver a broad variety of technically demanding projects. This role may be appropriate for new hires with extensive security consulting experience or those who can immediately contribute at a senior level, but generally those with this role have a long history of effectively delivering software or hardware security projects.
SSCs are expected to act as Technical Lead on most projects and to focus on developing skills needed to continue deliver high-quality projects, help colleagues at NCC through the act of mentoring, and also exhibiting technical prowess via research and tool development that extends NCC’s abilities.
We are a consultancy and so, when necessary, our work is sometimes performed on the clients’ site. That being said, we’re always working with clients to deliver remote work whenever possible. We also proactively monitor travel so that no one spends too much time on the road. By and large, we are a company run by security consultants, and we have no interest in burning ourselves out.
Research is at the foundation of NCC Group and the work that we do. We speak at top-tier security conferences all over the world. All of our consultants receive time and resources to support their research endeavours.
Additionally, in your downtime between customer engagements, you can broaden your security skills by working through one of NCC Group’s numerous internal training programs.
Required Experience / Skills:
The following qualifications and experience are important for being successful in this role.
- Bachelor’s program in Computer Science, Engineering, or equivalent.
- Minimum of 2 years of experience working in software or hardware security.
- Minimum of 2 years of experience in delivering technical results or solutions.
We expect that a Senior Security Consultant will demonstrate in-depth experience in 4+ areas of technical competency. The following technical skills and experience are important for being successful in this role.
- Experience auditing driver code for the Windows and/or Linux operating systems.
- Basic familiarity with firmware reverse engineering.
- Able to read schematics.
- Good understanding of common embedded system architectures and design patterns.
- Able to perform security-focused code review in 2+ languages (particularly C/C++)
- Able to guide clients through secure design methodologies such as threat modelling, and attack surface enumeration
- Web application and web service testing
- Network infrastructure penetration testing
- Mobile application security testing (Android and iOS)
Desired Experience / Skills:
Although the following skills are not mandatory, they will certainly help your application get our attention:
- Familiarity with cryptography
- Detailed knowledge of bootloaders, operating systems and drivers.
- Ability to perform black-box reverse engineering
- Familiarity with secure boot architectures.
- Knowledge of ARM or x86 architectures.
- Familiarity with UEFI platform firmware internals.
- Familiarity with storage controllers and protocols (NVMe, eMMC, SATA, SCSI, etc).
- Experience with SDR and wireless protocols (Bluetooth, ZigBee, Cellular, Wi-Fi).
- Excellent spoken and written communication skills, because being able to explain a vulnerability is just as important as being able to find it!
- Able to act as Technical Lead on large multi-faceted projects
- High-level of professionalism
- Outstanding attention to detail
- Self-motivated and a demonstrated self-starter
- Highly dependable
- Willingness to travel
NCC Group has over 2,200 members located all around the world, providing a trusted advisory service to 15,000 customers. Born in the UK, we have now have offices in North America, Canada, Europe, Asia- Pacific and United Arab Emirates.
We are passionate about helping our customers to protect their brand, value and reputation against the ever-evolving threat landscape. We fuel that passion with investment in our people and our business.
Our values and code of ethics are at the heart of how we operate – we work together, we are brilliantly creative and we embrace difference. We treat everyone and everything with equal respect.
We want to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic, sharing their personal experiences to represent the diversity of the world they live in, and have equal opportunity to achieve their best.
About your application
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.